{"id":"CVE-2026-23115","summary":"serial: Fix not set tty-\u003eport race condition","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nserial: Fix not set tty-\u003eport race condition\n\nRevert commit bfc467db60b7 (\"serial: remove redundant\ntty_port_link_device()\") because the tty_port_link_device() is not\nredundant: the tty-\u003eport has to be confured before we call\nuart_configure_port(), otherwise user-space can open console without TTY\nlinked to the driver.\n\nThis tty_port_link_device() was added explicitly to avoid this exact\nissue in commit fb2b90014d78 (\"tty: link tty and port before configuring\nit as console\"), so offending commit basically reverted the fix saying\nit is redundant without addressing the actual race condition presented\nthere.\n\nReproducible always as tty-\u003eport warning on Qualcomm SoC with most of\ndevices disabled, so with very fast boot, and one serial device being\nthe console:\n\n printk: legacy console [ttyMSM0] enabled\n printk: legacy console [ttyMSM0] enabled\n printk: legacy bootconsole [qcom_geni0] disabled\n printk: legacy bootconsole [qcom_geni0] disabled\n ------------[ cut here ]------------\n tty_init_dev: ttyMSM driver does not set tty-\u003eport. This would crash the kernel. Fix the driver!\n WARNING: drivers/tty/tty_io.c:1414 at tty_init_dev.part.0+0x228/0x25c, CPU#2: systemd/1\n Modules linked in: socinfo tcsrcc_eliza gcc_eliza sm3_ce fuse ipv6\n CPU: 2 UID: 0 PID: 1 Comm: systemd Tainted: G S 6.19.0-rc4-next-20260108-00024-g2202f4d30aa8 #73 PREEMPT\n Tainted: [S]=CPU_OUT_OF_SPEC\n Hardware name: Qualcomm Technologies, Inc. Eliza (DT)\n ...\n tty_init_dev.part.0 (drivers/tty/tty_io.c:1414 (discriminator 11)) (P)\n tty_open (arch/arm64/include/asm/atomic_ll_sc.h:95 (discriminator 3) drivers/tty/tty_io.c:2073 (discriminator 3) drivers/tty/tty_io.c:2120 (discriminator 3))\n chrdev_open (fs/char_dev.c:411)\n do_dentry_open (fs/open.c:962)\n vfs_open (fs/open.c:1094)\n do_open (fs/namei.c:4634)\n path_openat (fs/namei.c:4793)\n do_filp_open (fs/namei.c:4820)\n do_sys_openat2 (fs/open.c:1391 (discriminator 3))\n ...\n Starting Network Name Resolution...\n\nApparently the flow with this small Yocto-based ramdisk user-space is:\n\ndriver (qcom_geni_serial.c): user-space:\n============================ ===========\nqcom_geni_serial_probe()\n uart_add_one_port()\n serial_core_register_port()\n serial_core_add_one_port()\n uart_configure_port()\n register_console()\n |\n | open console\n | ...\n | tty_init_dev()\n | driver-\u003eports[idx] is NULL\n |\n tty_port_register_device_attr_serdev()\n tty_port_link_device() \u003c- set driver-\u003eports[idx]","modified":"2026-04-02T13:12:03.596973Z","published":"2026-02-14T15:09:47.826Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23115.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2501c49306238b54a2de0f93de43d50ab6e76c84"},{"type":"WEB","url":"https://git.kernel.org/stable/c/32f37e57583f869140cff445feedeea8a5fea986"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23115.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23115"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"bfc467db60b76c30ca1f7f02088a219b6d5b6e8c"},{"fixed":"2501c49306238b54a2de0f93de43d50ab6e76c84"},{"fixed":"32f37e57583f869140cff445feedeea8a5fea986"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23115.json"}}],"schema_version":"1.7.5"}